2023-04-27 04:17:20 +00:00
|
|
|
const fs = require("fs-extra");
|
|
|
|
|
const dayjs = require("dayjs");
|
|
|
|
|
const glob = require("glob");
|
2023-05-12 05:59:32 +00:00
|
|
|
const openpgp = require("openpgp");
|
2023-04-27 04:17:20 +00:00
|
|
|
|
2023-05-16 08:31:27 +00:00
|
|
|
const conf = require(`${process.env.dirtown}/conf.json`);
|
2023-04-27 04:17:20 +00:00
|
|
|
|
2023-05-12 05:59:32 +00:00
|
|
|
const isAuthenticated = async (req, res, next) => {
|
2023-06-02 08:21:01 +00:00
|
|
|
// tokens if valid are store in /dirtown/tmp/tokens/xalias_xdays_xhash(20,200)
|
2023-05-12 05:59:32 +00:00
|
|
|
// once a day rm oldest tokens than 24hours tag job by adding tmp/tokensmenagedone{day}
|
2023-04-27 04:17:20 +00:00
|
|
|
const currentday = dayjs().date();
|
|
|
|
|
console.log(
|
2023-05-12 05:59:32 +00:00
|
|
|
"if menagedone" + currentday,
|
2023-05-16 08:31:27 +00:00
|
|
|
!fs.existsSync(`${process.env.dirtown}/tmp/tokensmenagedone${currentday}`)
|
2023-04-27 04:17:20 +00:00
|
|
|
);
|
2023-05-16 08:31:27 +00:00
|
|
|
if (!fs.existsSync(`${process.env.dirtown}/tmp/tokens`))
|
|
|
|
|
fs.mkdirSync(`${process.env.dirtown}/tmp/tokens`);
|
|
|
|
|
if (!fs.existsSync(`${process.env.dirtown}/tmp/tokensmenagedone${currentday}`)) {
|
2023-04-27 04:17:20 +00:00
|
|
|
// clean oldest
|
2023-05-12 05:59:32 +00:00
|
|
|
const tsday = dayjs().valueOf(); // now in timestamp format
|
2023-05-16 08:31:27 +00:00
|
|
|
glob.sync(`${process.env.dirtown}/tmp/tokensmenagedone*`).forEach((f) => {
|
2023-04-27 04:17:20 +00:00
|
|
|
fs.removeSync(f);
|
|
|
|
|
});
|
2023-05-16 08:31:27 +00:00
|
|
|
glob.sync(`${process.env.dirtown}/tmp/tokens/*.json`).forEach((f) => {
|
2023-05-12 05:59:32 +00:00
|
|
|
if (tsday - parseInt(f.split("_")[1]) > 86400000) fs.remove(f);
|
2023-04-27 04:17:20 +00:00
|
|
|
});
|
|
|
|
|
}
|
|
|
|
|
//Check register in tmp/tokens/
|
2023-05-12 05:59:32 +00:00
|
|
|
console.log("isAuthenticate?");
|
2023-04-27 04:17:20 +00:00
|
|
|
const resnotauth = {
|
|
|
|
|
ref: "headers",
|
|
|
|
|
msg: "notauthenticated",
|
|
|
|
|
data: {
|
|
|
|
|
xalias: req.session.header.xalias,
|
2023-05-12 05:59:32 +00:00
|
|
|
xaliasexists: true,
|
2023-04-27 04:17:20 +00:00
|
|
|
},
|
|
|
|
|
};
|
2023-06-02 08:21:01 +00:00
|
|
|
//console.log(req.session.header);
|
|
|
|
|
if (req.session.header.xalias == "anonymous" || req.session.header.xhash == "anonymous") {
|
2023-05-12 05:59:32 +00:00
|
|
|
console.log("alias anonymous means not auth");
|
|
|
|
|
return res.status(401).json(resnotauth);
|
|
|
|
|
}
|
2023-04-27 04:17:20 +00:00
|
|
|
|
2023-05-16 08:31:27 +00:00
|
|
|
const tmpfs = `${process.env.dirtown}/tmp/tokens/${req.session.header.xalias}_${
|
2023-05-12 05:59:32 +00:00
|
|
|
req.session.header.xdays
|
|
|
|
|
}_${req.session.header.xhash.substring(20, 200)}`;
|
2023-06-02 08:21:01 +00:00
|
|
|
//console.log(tmpfs);
|
2023-05-12 05:59:32 +00:00
|
|
|
if (!fs.existsSync(tmpfs)) {
|
|
|
|
|
// need to check detached sign
|
|
|
|
|
let publickey;
|
2023-04-27 04:17:20 +00:00
|
|
|
if (
|
2023-05-12 05:59:32 +00:00
|
|
|
fs.existsSync(
|
2023-05-16 08:31:27 +00:00
|
|
|
`${conf.dirapi}/nationchains/pagans/itm/${req.session.header.xalias}.json`
|
2023-04-27 04:17:20 +00:00
|
|
|
)
|
|
|
|
|
) {
|
2023-05-12 05:59:32 +00:00
|
|
|
const pagan = fs.readJsonSync(
|
2023-06-02 08:21:01 +00:00
|
|
|
`${conf.dirapi}/nationchains/pagans/itm/${req.session.header.xalias}.json`
|
2023-04-27 04:17:20 +00:00
|
|
|
);
|
2023-05-12 05:59:32 +00:00
|
|
|
publickey = pagan.publicKey;
|
2023-04-27 04:17:20 +00:00
|
|
|
} else {
|
2023-05-12 05:59:32 +00:00
|
|
|
resnotauth.data.xaliasexists = false;
|
|
|
|
|
if (req.body.publickey) {
|
|
|
|
|
publickey = req.body.publickey;
|
|
|
|
|
} else {
|
|
|
|
|
console.log("alias unknown");
|
|
|
|
|
return res.status(404).send(resnotauth);
|
2023-04-27 04:17:20 +00:00
|
|
|
}
|
|
|
|
|
}
|
2023-06-02 08:21:01 +00:00
|
|
|
if (publickey.substring(0,10)!=="-----BEGIN"){
|
|
|
|
|
console.log("Publickey is not valid as armored key:", publickey)
|
|
|
|
|
return res.status(404).send(resnotauth);
|
|
|
|
|
}
|
|
|
|
|
if (Buffer.from(req.session.header.xhash, "base64").toString().substring(0,10)!=="-----BEGIN"){
|
|
|
|
|
console.log("xhash conv is not valid as armored key:", Buffer.from(req.session.header.xhash, "base64").toString())
|
|
|
|
|
return res.status(404).send(resnotauth);
|
|
|
|
|
}
|
|
|
|
|
let publicKey;
|
|
|
|
|
try {
|
|
|
|
|
publicKey = await openpgp.readKey({ armoredKey: publickey });
|
|
|
|
|
}catch(err){
|
|
|
|
|
console.log(erreur)
|
|
|
|
|
}
|
|
|
|
|
const msg = await openpgp.createMessage({
|
2023-05-12 05:59:32 +00:00
|
|
|
text: `${req.session.header.xalias}_${req.session.header.xdays}`,
|
|
|
|
|
});
|
|
|
|
|
const signature = await openpgp.readSignature({
|
|
|
|
|
armoredSignature: Buffer.from(
|
|
|
|
|
req.session.header.xhash,
|
|
|
|
|
"base64"
|
|
|
|
|
).toString(),
|
|
|
|
|
});
|
2023-06-02 08:21:01 +00:00
|
|
|
//console.log(msg);
|
|
|
|
|
//console.log(signature);
|
|
|
|
|
//console.log(publicKey);
|
2023-05-12 05:59:32 +00:00
|
|
|
const checkauth = await openpgp.verify({
|
|
|
|
|
message: msg,
|
|
|
|
|
signature: signature,
|
|
|
|
|
verificationKeys: publicKey,
|
|
|
|
|
});
|
2023-06-02 08:21:01 +00:00
|
|
|
//console.log(checkauth);
|
|
|
|
|
//console.log(checkauth.signatures[0].keyID);
|
2023-05-12 05:59:32 +00:00
|
|
|
//console.log(await checkauth.signatures[0].signature);
|
|
|
|
|
//console.log(await checkauth.signatures[0].verified);
|
|
|
|
|
|
|
|
|
|
const { check, keyID } = checkauth.signatures[0];
|
|
|
|
|
try {
|
|
|
|
|
await check; // raise an error if necessary
|
|
|
|
|
fs.outputFileSync(tmpfs, req.session.header.xhash, "utf8");
|
|
|
|
|
} catch (e) {
|
|
|
|
|
resnotauth.msg = "signaturefailed";
|
|
|
|
|
console.log("not auth fail sign");
|
|
|
|
|
return res.status(401).send(resnotauth);
|
|
|
|
|
}
|
2023-04-27 04:17:20 +00:00
|
|
|
}
|
2023-05-12 05:59:32 +00:00
|
|
|
console.log("Authenticated");
|
|
|
|
|
next();
|
2023-04-27 04:17:20 +00:00
|
|
|
};
|
|
|
|
|
module.exports = isAuthenticated;
|
